Lucene search
+L

3053 matches found

Vulnrichment
Vulnrichment
added 2026/06/26 12:0 a.m.7 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

5.8AI score0.00196EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/26 12:0 a.m.6 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.8AI score0.00196EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:0 a.m.5 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52983

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the item type administration page. An authenticated remote attacker with administrator privileges can inject arbitrary web...

5.4CVSS6AI score0.00196EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52982

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the OPAC item detail page. An authenticated remote attacker with edit items permission can inject arbitrary web scripts throu...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.29 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

0.00196EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.30 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

0.00196EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 12:0 a.m.12 views

CVE-2026-50767

CVE-2026-50767 describes a stored XSS vulnerability in Koha Library Management System (up to version 25.11) where an authenticated administrator can inject arbitrary scripts through the item type check-in message field (checkinmsg). The issue requires administrator privileges and is triggered by ...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/26 12:0 a.m.4 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.4CVSS5.9AI score0.00196EPSS
Exploits1References3
CVE
CVE
added 2026/06/26 12:0 a.m.14 views

CVE-2026-50766

CVE-2026-50766 is a stored XSS vulnerability in the Koha Library Management System (OPAC item detail page) up to version 25.11. An authenticated user with the ability to edit items can inject arbitrary web scripts via the item public notes field (items.itemnotes). The connected documents confirm ...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/26 12:0 a.m.3 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

5.4CVSS5.9AI score0.00196EPSS
Exploits1References3
CVE
CVE
added 2026/06/25 9:46 p.m.20 views

CVE-2026-22879

The CVE concerns the vtk-dicom component, specifically the vtkDICOMItem::NewDataElement function. It is described as a heap-based buffer overflow vulnerability in vtk-dicom. The CVSSv3.1 vector indicates a high-severity issue (C:H, I:H, A:H) with network attack vector, high attack complexity, no ...

8.1CVSS6.1AI score0.0032EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:46 p.m.8 views

CVE-2026-22879

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS6.1AI score0.0032EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/25 7:38 p.m.4 views

MINI-R647-J7J2-497M

Bulletin has no description...

9.1CVSS5.7AI score0.00533EPSS
Exploits0
NVD
NVD
added 2026/06/25 4:16 p.m.9 views

CVE-2026-48941

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

6.5CVSS0.00159EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:26 p.m.7 views

CVE-2026-48940

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw...

3.4CVSS5.9AI score0.00167EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 3:26 p.m.9 views

CVE-2026-48940

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

3.4CVSS5.8AI score0.00167EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:25 p.m.7 views

CVE-2026-48941

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 3:25 p.m.8 views

EUVD-2026-39443

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 3:25 p.m.9 views

CVE-2026-48941

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References1
Rows per page
Query Builder